1 Role-based access control on the web
Joon S. Park, Ravi Sandhu, Gail-Joon Ahn 

February 2001 ACM Transactions on Information and System Security (TISSEC), Volume 4 Issue 1

Publisher: ACM Press 


Current approaches to access control on Web servers do not scale to enterprise-wide
systems because they are mostly based on individual user identities. Hence we were
motivated by the need to manage and enforce the strong and efficient RBAC access
control technology in large-scale Web environments. To satisfy this requirement, we
identify two different architectures for RBAC on the Web, called user-pull and server-pull.
To demonstrate feasibility, we im ...

Keywords: WWW security, cookies, digital certificates, role-based access control 
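The two architectures named in this abstract, shown as an added example that is not code from Park, Sandhu and Ahn (the abstract is truncated before it defines them, so the reading below is an assumption about their terminology): in user-pull, the user first obtains a credential carrying their roles from a role server and presents it to the web server, which only has to verify it; in server-pull, the web server asks the role server for the user's roles on each request. The HMAC-signed cookie format, the permission table, the role database and the user names are all constructed for this illustration.

```python
"""User-pull vs. server-pull RBAC enforcement for a web server (added example)."""
import hashlib
import hmac
import json
import time

# Constructed permission table: role -> set of (method, path prefix) it may use.
PERMISSIONS = {
    "employee": {("GET", "/intranet/")},
    "manager": {("GET", "/intranet/"), ("POST", "/intranet/approve")},
    "auditor": {("GET", "/intranet/"), ("GET", "/audit/")},
}

# Constructed role database held by the role server.
ROLE_DB = {"alice": {"employee", "manager"}, "bob": {"employee"}}

# Assumed shared secret between role server and web server (constructed).
ROLE_SERVER_KEY = b"constructed-demo-key"


def issue_role_cookie(user, ttl=3600, now=None):
    """Role server side of user-pull: sign the user's roles and an expiry into a
    cookie that the user carries to the web server."""
    now = int(time.time()) if now is None else now
    payload = json.dumps(
        {"u": user, "r": sorted(ROLE_DB.get(user, ())), "exp": now + ttl},
        separators=(",", ":"),
    )
    tag = hmac.new(ROLE_SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def roles_from_cookie(cookie, now=None):
    """Web server side of user-pull: check the MAC and expiry, then trust the roles
    inside. Returns None for a missing, forged, tampered or stale cookie."""
    now = int(time.time()) if now is None else now
    try:
        payload, tag = cookie.rsplit("|", 1)
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(ROLE_SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None  # role list was altered or never issued by the role server
    data = json.loads(payload)
    if data["exp"] <= now:
        return None  # roles may have been revoked since issue; force a refresh
    return set(data["r"])


def roles_server_pull(user):
    """Server-pull: the web server asks the role server directly (here a dict
    lookup standing in for the network call). Always current, one lookup per request."""
    return set(ROLE_DB.get(user, ()))


def authorize(roles, method, path):
    """Allow the request if any active role grants (method, path-prefix)."""
    if not roles:
        return False
    return any(
        method == m and path.startswith(p)
        for r in roles
        for (m, p) in PERMISSIONS.get(r, ())
    )


if __name__ == "__main__":
    cookie = issue_role_cookie("alice")
    print("user-pull  :", authorize(roles_from_cookie(cookie), "POST", "/intranet/approve"))
    print("server-pull:", authorize(roles_server_pull("bob"), "POST", "/intranet/approve"))
```

The trade-off the two paths expose: the user-pull cookie spares the web server a role lookup per request but is only as fresh as its expiry, so a revoked role stays usable until `exp`; server-pull is always current but puts the role server on every request path. A production version would also bind the cookie to the authenticated session or client certificate so that a stolen cookie cannot be replayed by a different user.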

2 DIM frameworks: Privacy enhancing identity management: protection against re-identification and profiling

Sebastian Clauß, Dogan Kesdogan, Tobias Kölsch

November 2005 Proceedings of the 2005 workshop on Digital identity management DIM '05
Publisher: ACM Press 


User centric identity management will be necessary to protect users' privacy in an
electronic society. However, designing such systems is a complex task, as the
expectations of the different parties involved in electronic transactions have to be met. In
this work we give an overview on the actual situation in user centric identity management
and point out problems encountered there. In particular, we present the current state of
research and mechanisms useful to protect the user's privacy. Additiona ...

Keywords: Identity management, privacy 
3 Kerry Taylor, James Murty

January 2003 Proceedings of the Australasian information security workshop conference on ACSW frontiers 2003 - Volume 21 ACSW Frontiers '03
Publisher: Australian Computer Society, Inc. 


There is rapidly increasing interest in Australia in on-line sharing of information stored in
corporate databases, especially within and between staff of independent government
agencies. Biological collections databases and population health GIS are good examples of
the frequent situation where database custodians are looking for dynamic, distributed,
heterogeneous federated information system models for information sharing within loosely
constituted communities. This paper describes a security m ...

Keywords: RBAC, federated databases 



4 Separating key management from file system security

David Mazières, Michael Kaminsky, M. Frans Kaashoek, Emmett Witchel

December 1999 ACM SIGOPS Operating Systems Review, Proceedings of the seventeenth ACM symposium on Operating systems principles SOSP '99, Volume 33 Issue 5
Publisher: ACM Press 


No secure network file system has ever grown to span the Internet. Existing systems all
lack adequate key management for security at a global scale. Given the diversity of the
Internet, any particular mechanism a file system employs to manage keys will fail to
support many types of use. We propose separating key management from file system
security, letting the world share a single global file system no matter how individuals
manage keys. We present SFS, a secure file system that avoids internal ...

5 Applications and system issues: Securing user inputs for the web

Jan Camenisch, abhi shelat, Dieter Sommer, Roger Zimmermann

November 2006 Proceedings of the second ACM workshop on Digital identity management DIM '06
Publisher: ACM Press 


The goal of this paper is to study secure and usable methods for providing user input to a
website. Three principles define security for us: certification, awareness, and privacy. Four
principles define usability: contextual awareness, semantic awareness, prodigious use of
screen space, and the availability of recommended choices. We first describe how current
approaches to the solicitation of user input on the web fail on both fronts: they either
cannot handle certified data, do not resp ...

Keywords: user interface designs 



6 HTTP Cookies: Standards, privacy, and politics 
David M. Kristol 

November 2001 ACM Transactions on Internet Technology (TOIT), Volume 1 Issue 2
Publisher: ACM Press 

How did we get from a world where cookies were something you ate and where
"nontechies" were unaware of "Netscape cookies" to a world where cookies are a hot-
button privacy issue for many computer users? This article describes how HTTP "cookies"
work and how Netscape's original specification evolved into an IETF Proposed Standard. I
also offer a personal perspective on how what began as a straightforward technical
specification turned into a political flashpoint when it tried to address nontechn ...

Keywords: Cookies, HTTP, World Wide Web, privacy, state management 



7 Protecting information on the Web

Elisa Bertino, Elena Pagani, Gian Paolo Rossi, Pierangela Samarati
November 2000 Communications of the ACM 
Publisher: ACM Press 




8 Dynamic Access Control: An access control model for dynamic client-side content
Adam Hess, Kent E. Seamons

June 2003 Proceedings of the eighth ACM symposium on Access control models and 
technologies SACMAT '03 

Publisher: ACM Press 


The focus of access control in client/server environments is on protecting sensitive server
resources by determining whether or not a client is authorized to access those resources.
The set of resources is usually static, and an access control policy associated with each
resource specifies who is authorized to access the resource. In this paper, we turn the
traditional client/server access control model on its head, and address how to protect the
sensitive content that clients disclose to serve ...

Keywords: access control, authentication, credentials, trust negotiation 



9 From yellow stickies to the world-wide web: the evolution of problem tracking at the University of Houston
Julia Kosatka, Anita Bhakta 

October 2004 Proceedings of the 32nd annual ACM SIGUCCS conference on User services SIGUCCS '04
Publisher: ACM Press 


In 1990, IT Technology Support Services (TSS) was formed by combining several IT
support departments. Cases were distributed to the four or five support people by the
simple expedient of putting sticky notes on their office doors. A support person would
return from an office call to find his/her office door covered in sticky notes. Missing cases,
lost phone numbers and angry customers were common events. With an enrollment of
30,000 students and rising, something had to give.

A variety ... 

Keywords: RightNowTechnologies, burnout, collaboration, console, e-mail, fileMaker pro,
helpdesk, notification system, remedy, self-service, tracking, web
10 Piero Bonatti, Pierangela Samarati

November 2000 Proceedings of the 7th ACM conference on Computer and 
communications security CCS '00 

Publisher: ACM Press 




Keywords: access control, digital certificate, privacy 



11 DOS protection: Using graphic turing tests to counter automated DDoS attacks against web servers

William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, Dan
Rubenstein

October 2003 Proceedings of the 10th ACM conference on Computer and communications security CCS '03
Publisher: ACM Press 


We present WebSOS, a novel overlay-based architecture that provides guaranteed access 
to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits 
two key characteristics of the web environment: its design around a human-centric 
interface, and the extensibility inherent in many browsers through downloadable 
"applets." We guarantee access to a web server for a large number of previously unknown 
users, without requiring pre-existing trust relationships between ... 

Keywords: Java, graphic turing tests, web proxies 



12 Identity Boxing: A New Technique for Consistent Global Identity
Douglas Thain 

November 2005 Proceedings of the 2005 ACM/IEEE conference on Supercomputing SC '05

Publisher: IEEE Computer Society


Today, users of the grid may easily authenticate themselves to computing resources 
around the world using a public key security infrastructure. However, users are forced to 
employ a patchwork of local identities, each assigned by a different local authority. This 
forces each grid system to provide a mapping from global to local identities, creating a 
significant administrative burden and inhibiting many possibilities of data sharing. To 
remedy this, we introduce the technique of identity boxing. ... 

13 Access control with IBM Tivoli access manager
Gunter Karjoth 

May 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 Issue 2

Publisher: ACM Press 


Web presence has become a key consideration for the majority of companies and other 
organizations. Besides being an essential information delivery tool, the Web is increasingly 
being regarded as an extension of the organization itself, directly integrated with its 
operating processes. As this transformation takes place, security grows in importance. IBM 
Tivoli Access Manager offers a shared infrastructure for authentication and access 
management, technologies that have begun to emerge in the com ...

Keywords: Access control, WWW security, Web servers, authorization management 



14 Towards dynamic data grid framework for eResearch
A. B. M. Russel, Asad I. Khan

January 2006 Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54 ACSW Frontiers '06
Publisher: Australian Computer Society, Inc. 


The scale at which scientific data is produced will undergo a massive change in the near 
future. Many sophisticated scientific discovery laboratories or the installation of sensor 
networks would produce a large amount of data. Research in protein crystallography for 
instance can produce hundreds of Terabytes of data from a single crystallography 
beamline. These data have to be saved for future use and made available for collaborative 
use by researchers. There is a need to develop a framework whi ... 

Keywords: CIMA, SRB, data grid, eResearch, gridFTP 



15 General storage protection techniques: Securing distributed storage: challenges, techniques, and systems
Vishal Kher, Yongdae Kim

November 2005 Proceedings of the 2005 ACM workshop on Storage security and 
survivability StorageSS '05 

Publisher: ACM Press 


The rapid increase of sensitive data and the growing number of government regulations
that require long-term data retention and protection have forced enterprises to pay serious
attention to storage security. In this paper, we discuss important security issues related to
storage and present a comprehensive survey of the security services provided by the
existing storage systems. We cover a broad range of the storage security literature,
present a critical review of the existing solutions, compare ...

Keywords: authorization, confidentiality, integrity, intrusion detection, privacy 



16 Vision & challenges: A peer-to-peer approach to wireless LAN roaming
Elias C. Efstathiou, George C. Polyzos
We make the case for a Global Confederation of Peer-to-Peer (P2P) Wireless Local Area
Networks. A P2P Wireless Network Confederation (P2PWNC) is a community of
administrative domains that offer wireless Internet access to each other's registered
With the recent adoption of marketing activities outsourcing, there have been increasing
demands and concerns for privacy control. The traditional approach of a bulk transmission 
of the customers' information to a marketing company cannot meet such demands, 
architecture and a development methodology for end-to-end privacy control over the
Web services are increasingly utilized by organizations that want to improve
responsiveness and efficiency. While they may be used in an isolated way, the need to
integrate them as part of workflow processes is more and more felt. However the
creation of applications composed of dynamically selected basic services entails facing two
essential issues: how to efficiently discover Web services and how to allow and facilitate
An important dimension of mobile computing is the ubiquitous and location-independent
availability of data. Aggregation is the ability to electronically access and display personal 
account information from disparate sources through a single identity. The client financial 
data is assembled in an organized format providing meaningful summarization and 
analysis. The prevalent methods of aggregation pose issues in information security and 
assurance. Utilizing advances in Internet technology such as ... 
Maximizing local autonomy by delegating functionality to end nodes when possible (the
end-to-end design principle) has led to a scalable Internet. Scalability and the capacity for 
distributed control have unfortunately not extended well to resource access-control 
policies and mechanisms. Yet management of security is becoming an increasingly 
challenging problem in no small part due to scaling up of measures such as number of 
users, protocols, applications, network elements, topological constr ... 